Researchers from zScaler have discovered a campaign which is using vulnerable WordPress sites to collect and leak user credentials via a backdoor.
The cybercriminals are doing this via a backdoor which is activated once the WordPress user log in via the login page.
The log data is encrypted and sent to a specific domain. The vulnerability is exploited in such a way that the user will not become alerted once logged in.
The following is a sample list of WordPress websites compromised through this campaign: